Description of problem:
The "_rails_session" cookie created from the console is not marked as secure. This could allow the cookie to be transmitted over non-secure connections. As openshift (by default) requires an https connection, this isn't too much of an issue. However, server-side misconfiguration could lead to the cookie, along with the CSRF token within, to be compromised.
Version-Release number of selected component (if applicable):
I could have sworn this was already in progress. Alright, well, we should do it. Should not be hard.
*** This bug has been marked as a duplicate of bug 1114111 ***